feat: wetSpring parity — capability registry, method normalization, workspace lint evolution

- capability_registry.toml: machine-readable self-knowledge (12 groups, 46+ methods)
- consumed_capabilities manifest: security, discovery, crypto (Wire Standard L3)
- normalize_method(): zero-alloc legacy prefix stripping for backward compat
- clippy.toml: too-many-lines-threshold = 150
- workspace lints: expect_used deny, rust-version 1.85 MSRV
- 5 unfulfilled #[expect(too_many_lines)] removed after threshold increase
- cargo fmt, clippy, doc, test — all PASS (11,794 tests, 0 failures)

Made-with: Cursor

Author: NestGate Team

CHANGELOG.md

@@ -9,6 +9,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased] - 4.7.0-dev
 
+### Session 43e: wetSpring parity — workspace lints, capability registry, method normalization (April 13, 2026)
+
+- **wetSpring pattern validation**: Pulled and analyzed wetSpring V143 systems; identified and resolved
+  6 ecosystem parity gaps.
+- **Workspace lint evolution**: `expect_used` escalated `warn` → `deny`; `clippy.toml` added with
+  `too-many-lines-threshold = 150`; `rust-version = "1.85"` (MSRV) set in `[workspace.package]`.
+- **`consumed_capabilities` manifest**: Wire Standard L3 `capabilities.list` response now declares
+  3 consumed capabilities (security, discovery, crypto) instead of empty array.
+- **`capability_registry.toml` created**: Machine-readable primal self-knowledge — 12 capability
+  groups, 46+ methods, 3 consumed capabilities. Matches wetSpring's registry pattern.
+- **Method normalization**: `normalize_method()` (zero-alloc `Cow`) strips legacy `nestgate.` prefix
+  for backward-compatible clients; wired into UDS + isomorphic IPC dispatch.
+- **`clippy::too_many_lines` cleanup**: 5 unfulfilled `#[expect]` attributes removed after threshold
+  increase; 4 justified suppressions retained (160+ line dispatch tables).
+- Validation: `cargo fmt`, `cargo clippy`, `cargo doc`, `cargo test` — all PASS (11,794 tests, 0 failures).
+
 ### Session 43d: Deep debt evolution — casts, clones, refactors, tracing (April 12, 2026)
 
 - **10 dangerous `as` casts evolved**: `response_builder.rs` pagination → `div_ceil` + `u32::try_from`,

Cargo.toml

@@ -86,6 +86,7 @@ members = [
 # All ecoPrimals are AGPL-3.0-or-later (strictest copyleft)
 # Humans get free use through beardog entropy systems
 [workspace.package]
+rust-version = "1.85"
 license = "AGPL-3.0-or-later"
 authors = ["ecoPrimals Collective"]
 repository = "https://github.com/ecoprimals/nestgate"
@@ -219,7 +220,7 @@ nursery = { level = "warn", priority = -1 }
 significant_drop_tightening = "allow"
 unused_self = "allow"
 unwrap_used = "deny"
-expect_used = "warn"
+expect_used = "deny"
 panic = "warn"
 todo = "deny"
 unimplemented = "deny"

STATUS.md

@@ -1,6 +1,6 @@
 # NestGate - Current Status
 
-**Last Updated**: April 12, 2026 (Session 43d — deep debt evolution)  
+**Last Updated**: April 13, 2026 (Session 43e — wetSpring parity)  
 **Version**: 4.7.0-dev
 
 ---

capability_registry.toml

@@ -0,0 +1,97 @@
+# NestGate Capability Registry — Machine-Readable Self-Knowledge
+# SPDX-License-Identifier: AGPL-3.0-or-later
+# Copyright (c) 2025-2026 ecoPrimals Collective
+#
+# This file is the single source of truth for NestGate's primal identity
+# and advertised capabilities. Wire Standard L3 responses and cross-check
+# tests derive from these definitions.
+
+[primal]
+name = "nestgate"
+domain = "storage"
+version = "4.7.0-dev"
+license = "AGPL-3.0-or-later"
+description = "Sovereign storage & permanence primal — filesystem-backed durable key-value, blob, and ZFS orchestration"
+transport = ["uds", "http"]
+protocol = "jsonrpc-2.0"
+
+[capabilities.storage]
+domain = "storage"
+description = "Filesystem-backed durable key-value and blob storage"
+methods = [
+    "storage.store", "storage.retrieve", "storage.exists",
+    "storage.delete", "storage.list", "storage.stats",
+    "storage.store_blob", "storage.retrieve_blob", "storage.fetch_external",
+]
+
+[capabilities.model]
+domain = "model"
+description = "AI model cache — registration, lookup, metadata"
+methods = ["model.register", "model.exists", "model.locate", "model.metadata"]
+
+[capabilities.templates]
+domain = "templates"
+description = "Template persistence and community ranking"
+methods = ["templates.store", "templates.retrieve", "templates.list", "templates.community_top"]
+
+[capabilities.session]
+domain = "session"
+description = "Game session persistence (convenience over storage.*)"
+methods = ["session.save", "session.load"]
+
+[capabilities.audit]
+domain = "audit"
+description = "Execution audit trail persistence"
+methods = ["audit.store_execution"]
+
+[capabilities.nat]
+domain = "nat"
+description = "NAT traversal endpoint persistence"
+methods = ["nat.store_traversal_info", "nat.retrieve_traversal_info"]
+
+[capabilities.beacon]
+domain = "beacon"
+description = "Known beacon persistence for mesh discovery"
+methods = ["beacon.store", "beacon.retrieve", "beacon.list", "beacon.delete"]
+
+[capabilities.data]
+domain = "data"
+description = "External data feed proxying (NCBI, NOAA, IRIS)"
+methods = ["data.ncbi_search", "data.ncbi_fetch", "data.noaa_ghcnd", "data.iris_stations", "data.iris_events"]
+
+[capabilities.zfs]
+domain = "zfs"
+description = "ZFS storage management — pools, datasets, snapshots"
+methods = [
+    "zfs.pool.list", "zfs.pool.get", "zfs.pool.health",
+    "zfs.dataset.list", "zfs.dataset.get",
+    "zfs.snapshot.list", "zfs.health",
+]
+
+[capabilities.health]
+domain = "health"
+description = "Liveness, readiness, and health check endpoints"
+methods = ["health.liveness", "health.readiness", "health.check"]
+
+[capabilities.identity]
+domain = "identity"
+description = "Primal identity and self-knowledge"
+methods = ["identity.get"]
+
+[capabilities.discovery]
+domain = "discovery"
+description = "Capability advertisement and listing"
+methods = ["capabilities.list", "discover.capabilities"]
+
+# Consumed capabilities — what NestGate needs from other primals
+[consumed_capabilities.security]
+reason = "BTSP handshake crypto delegation"
+required = false
+
+[consumed_capabilities.discovery_mesh]
+reason = "Songbird-style service mesh registration and heartbeat"
+required = false
+
+[consumed_capabilities.crypto]
+reason = "Content-addressed hashing, signature verification (delegated via IPC)"
+required = false

clippy.toml

@@ -0,0 +1 @@
+too-many-lines-threshold = 150

code/crates/nestgate-api/src/handlers/workspace_management/lifecycle/backup.rs

@@ -11,7 +11,6 @@ use nestgate_core::error::utilities::safe_env_var_or_default;
 use super::types::BackupConfig;
 
 /// Backup workspace with ZFS snapshots
-#[expect(clippy::too_many_lines)]
 pub async fn backup_workspace(
     Path(workspace_id): Path<String>,
     Json(config): Json<BackupConfig>,

code/crates/nestgate-api/src/handlers/workspace_management/lifecycle/restore.rs

@@ -11,7 +11,6 @@ use nestgate_core::error::utilities::safe_env_var_or_default;
 use super::types::RestoreConfig;
 
 /// Restore workspace from backup
-#[expect(clippy::too_many_lines)]
 pub async fn restore_workspace(
     Path(workspace_id): Path<String>,
     Json(config): Json<RestoreConfig>,

code/crates/nestgate-bin/src/cli/run.rs

@@ -9,7 +9,6 @@ use crate::error::BinErrorHelper;
 
 impl Cli {
     /// Run the CLI application
-    #[expect(clippy::too_many_lines)]
     pub async fn run(self) -> crate::error::BinResult<()> {
         // Setup logging
         setup_logging(self.verbose);

code/crates/nestgate-config/src/config/canonical_primary/domains/storage_canonical/backends/mod.rs

@@ -399,7 +399,6 @@ mod tests {
     }
 
     #[test]
-    #[expect(clippy::too_many_lines)]
     fn full_serde_roundtrip() {
         let distributed_node = DistributedStorageNode {
             id: "n1".to_string(),

code/crates/nestgate-installer/src/main.rs

@@ -25,8 +25,7 @@
     clippy::unnecessary_wraps,
     dead_code,
     clippy::struct_field_names,
-    clippy::trivially_copy_pass_by_ref,
-    clippy::too_many_lines
+    clippy::trivially_copy_pass_by_ref
 )]
 
 //! Main module